Wease type a plus sign (+) inside this box + | 



"1 ' 



ad 



PTO/SB/05 (4/98) 

Approved for use through 09/30/2000 OMB 0651-0032 
Patent and Trademark Office: U.S. DEPARTMENT OF COMMERCE 
Under (he Paperwork Reduction Act of 1 995, no persons are required to respond to a collection of information unless it displays a valid OMB control number. 



UTILITY 
PATENT APPLICATION 
TRANSMITTAL 

(Only for new nonprovisional applications under 37 CFR 1.53(b)) 



Attorney Docket No. 



004814.P017 



First inventor or Application Identifier Christopher Phillips 



4 O 



Titie MASKING PRIVATE BILLING DATA BY ASSIGNING OTHER BILLING- \ 



Express Mail Labei No. EL4 14991 05 4US 



APPLICATION ELEMENTS 

See MPEP chapter 600 concerning utility patent application contents 



ADDRESS TO: 



Assistant Commissioner for Patents JJ<^ 



Box Patent Application 
Washington, DC 20231 



u 



1 . g| Fee Transmittal Form 

(Submit an original, and a duplicate for fee processing) 

2. g| Specification [TotalPagesMi 

(preferred arrangement set forth below) 

- Descriptive title of the Invention 

- Cross References to Related Applications 

- Statement Regarding Fed sponsored R&D 

- Reference to Microfiche Appendix 

- Background of the Invention 

- Brief Summary of the Invention 

- Brief Description of the Drawings (if filed) 

- Detailed Description 

- Claim(s) 

- Abstract of the Disclosure 



5. Q Microfiche Computer Program (Appendix) 

6. Nucleotide and/or Amino Acid Sequence Submission 
(if applicable, ail necessary) 

a. Q Computer Readable Copy 

b. Q Paper Copy (identical to computer copy) 

c. Q Statement verifying identity of above copies 



3. I 



Drawing(s) (35U.S.C. 113) [Total Sheets U 



4. Oath or Declaration [Total Pages 5] 

a. g] Newly executed {original copy) 

b. Q Copy from a prior application (37 C.F.R. § 1 .63(d)) 
(for continuation/divisional with Box 16 completed) 

i. Q DELETION OF INVENTOR(S) 

Signed statement attached deleting 
inventor(s) named in the prior application, 
see 37 CFR §§ 1.63(d)(2) and 1.33(b). 



*NGTEFORfTEMS 1 & 13: IN ORDER TOBEENTTTLED TO PAY SMALL 
ENTITY FEES, A SMALL ENTITY STATEMENT IS REQUIRED (37 CFR 
§ 127), EXCEPT IF ONE FLED IN A PRIOR APPLICATION IS RELIED 
UPON(37CF.R§128). 



ACCOMPANYING APPLICATION PARTS 



7. ^ Assignment Papers (cover sheet & document(s)) 

Eg Power of Attorney 



8. □ 37 C.F.R. § 3.73(b) Statement 
(when there is an assignee) 



9. □ English Translation Document (if applicable) 

10. □ Information Disclosure P] Copies of IDS 

Statement (I DS)/PTO - 1 449 Citations 

11. □ Preliminary Amendment 

12. g| Return Receipt Postcard (MPEP 503) 

(Should be specifically itemized) 

13. gg *Small Entity Q Statement filed in prior application, 

Statement(s) Status still proper and desired 

14. Certified Copy of Priority Document(s) 
(if foreign priority is claimed) 

15. □ Other: 



16. If a CONTINUING APPLICATION, check appropriate box, and supply the requisite information below and in a preliminary amendment: 
[] Continuation Q Divisional Q Continuation-in-part (CI P) of prior application No: 



Prior application Information: Examiner_ 



Group/Art Unit\ 



For CONTINUATION or DIVISIONAL APPS only: The entire disclosure of the prior application, from which an oath or declaration is supplied under Box 4b, is 
considered a part of the disclosure of the accompanying continuation or divisional application and is hereby incorporated by reference. The incorporation can 
only be relied upon when a portion has been inadvertently omitted from the submitted application parts. 



17. CORRESPONDENCE ADDRESS 



I I CustimerNimTt^dB^CodeUt^ \ 



(insert Customer No. or Attach barcode label here) 



or 



QywsponderceadctBss below 



Name 



BLAKELY, SOKOLOFF, TAYLOR & ZAFMAN LLP 



Address 



12400 Wilshire Boulevard, Seventh Floor 



City 



Los Angeles 



State 



{Telephone 



California 



Zip Code 



90025 



Country 



U.S.A. 



(503) 684-6200 



Fax 



(503) 684-3245 



Name (Print/Type) 



Signature 



Steven D. Yates, Reg. No. 42,242 



Date | 



04/20/00 



Burden Hour Statement* This form is estimated to take 0(2 hours to complete. Time will vary depending upon the needs of the individual case. Any comments on the amount of time you are 
required to complete this form should be sent to the Chief Information Officer, Patent and Trademark Office, Washington, DC 20231. DO NOT SEND FEES OR COMPLETED FORMS TO 
THIS ADDRESS. SEND TO: Assistant Commissioner for Patents, Box Patent Application, Washington, DC 20231. 



SENT BY: CHROMIUM COMMUNICATIONS- 425 739 2210' 

RPR ZB '00 05= 02PM BLAKELY ET PL 



APR-20-00 4; 



56PM; PAGE 2 

PPR 20 '00 05:53PM 

P. 2/7 



«CVM^ for UUltaugh 09000000- OMB 0C5* -0031 
PiimindTtodmrkOlloa: US. DEPARTMENT Of OCWHEACE 



STATEMENT CLAIMING SMALL ENTITY STATUS 
(37 CFR 1.9(f) & 1.27(c)) - SMALL BUSINESS CONCERN 



Docket Number (Optional) 
004814*017 



Applicant, Patent™, or Identifier: — . — — — — — ■ — 

Application or Patent No.; 

Filed ©r issued: April 2/100 - 

Title: Mft.S ?^ WT VATR MT JINK DATA BY ASSIGNING QTHFR BTUJNfi DATA TO USE TEL 

I hereby slat© that I am 

IS the owner of the small business concern Identified below: 

□ an official of the small business concern empowered to act fin behalf of the oonoern identified below: 
NAME OF SMALL BUSINESS CONCERN ffiTrlwil , /^ . - ■ ■ 

ADDRESS OF SMALL BUSINESS CONCERN 510 Kirlrlaiirt Way N P , Snlfti inn 

KW1afiri,WA 



1 hereby state that the above identified email business concern qualifier as a small business concern 
as defined In 13 CFR 121 for purpose* of paying reduced fees to the United States Patent and Trademark 
Office, Questions related to size standards for a small bueines concern may be directed to: small Business 
Administration, Sire Standards Staff, 400 Third Street, SW f Washington, DC 20418. 

I hereby state that rights under contract or lew have been conveyed to and remain with the small 
business concern Identified above with regard to the invention described in; 



g| the specification filed herewith, with title as listed above. 
~~ the application identified above, 
the patent identified above. 



8 



If the rights held by the above identified smaJI business concern are not exclusive, each individual, 
concern, or organization having rights to the invention must file separate statements as to their etatua as small 
entities, and no rights to the Invention are held by any person, other than the Inventor, who could not qualify as a 
an indepndent inventor under 37 CFR 1.9(c) If that person made the invention, or by any concern which would not 
qualify as a small business concern under 37 CFR 1.9(d), or a non-profit organization under 37 CFR 1.9(e). 



entities, 
eninde 

quaSffy 

Each such person, concern or organization having any rights in the invention is listed below 



g| No such person, concern, or organization exists. 

□ each such person, concern or organization to listed beioW 

Separata statements are required from each named person, concern or organization having rights to the 
invention stating their status as small entities (37 CRR 1.9(e). 

I acknowledge the duty to file, hi this application or patent, notification of any change in statue resulting in 
loss of entitlement toimaJI entfy status prior to paying, or at to 

maintenance tee due after the date on which status as a small entity is no longer appropriate. (37 CFR 1,28<b)) 



Name of PGflSON Signing: Sotih Pmicr — . 

Title of Person Other Than Owner: PrailrianT — — - — 

ADDRESS of PERSON Signing: mKirkland^.NF , finifr inn , ffirHaurl , WA 98fm 

Signature; 

^LUlW^ DATS fA?/flO 



^.r^^^^SC^S T^^a^^a<h^7uv^^<><<^' o** oc rati, do mot send fees oh 



Attorney's Docket No. 04814. P01 7 



APPLICATION FOR UNITED STATES LETTERS PATENT 



FOR 



Masking Private Billing Data By Assigning Other 
Billing Data To Use In Commerce With Businesses 



Inventor(s): Christopher Phillips 
Eric Engstrom 



Prepared by: 

BLAKELY SOKOLOFF TAYLOR & ZAFMAN, LLP 
12400 Wilshire Boulevard, 7th Floor 
Los Angeles, California 90025 
(503) 684-6200 



Express Mail Label No. EL414991054US 



Attorney's Docket No. 04814.P017 



Masking Private Billing Data By Assigning Other 
Billing Data To Use In Commerce With Businesses 

BACKGROUND OF THE INVENTION 



1. Field of the Invention 

The present invention relates to the field of information systems. More 
specifically, the present invention relates to electronic purchases while 
1 0 maintaining privacy of customer billing data. 



2. Background Information 

The Internet is a well-known collection of public and private data 
communication and multimedia networks that operate using common protocols to 

1 5 form a world wide network of networks. Recently there has been an explosion in 
the availability of "virtual storefronts," e.g., commerce sites, reachable over the 
Internet. This rapid growth is due, in part, to the availability of fast, reliable and 
affordable computing device systems, and the general simplification of 
networking hardware and configuration. Thus, consumers and businesses alike 

20 now have access to hardware that makes effective online commerce 
commercially practicable. 

To conduct online transactions, a business typically sets up a home page 
(e.g., "web site") on the World Wide Web, which is a logical overlay of the 
Internet. Web sites are simply machines located someplace within the Internet, 

25 with traditional naming conventions for the machines, e.g., named WWW, and 
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holding themselves available to interact using standard protocols such as 
Hypertext Transfer Protocol (HTTP), and programming languages or 
environments such as Hypertext Transfer Protocol HTML, XML, Java, 
JavaScript, Java Beans, ActiveX, Visual Basic, or the like. 
5 To make a purchase via a web site, a customer executes a "browser," 

such as the Internet Explorer, Netscape Navigator, or other network aware 
application program that is configured to communicate with a business' web site. 
The customer locates a particular product, and proceeds to a "check out" web 
page (or equivalent) to process a purchase transaction. At this point, the 

1 0 customer must enter credit card data and other data sufficient to identify the 
customer and allow purchase of goods to occur. 

Historically, thieves have attempted to monitor such online transactions so 
as to steal consumer data to allow engaging in subsequent fraudulent 
transactions. Such monitoring is possible due to the inherently insecure nature 

1 5 of the Internet communication protocol. Internet communication follows the 
Transmission Control Protocol/Internet Protocol (TCP/IP), where data is broken 
into small packets that are individually sent to a recipient, received by the 
recipient and then re-assembled into the original data. 

Unfortunately, anyone with access to a network has the ability to "snoop" 

20 network traffic on that network. Thus, anyone capable of monitoring some 
portion of the communication path between the customer and business is then 
able to monitor the purchase transaction. To overcome this security problem, 
various protocols, e.g., IP Security (IPSEC), Secure Sockets Layer (SSL), 
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Secure HTTP (S-HTTP) have emerged to allow a business and a customer to 
securely communicate. 

Although the data packets can still be snooped, their contents are now 
encrypted and unusable. Thus, thieves have recently begun to attack, or "hack," 
5 the online commerce sites so as to steal consumer data stored within databases 
maintained by the business. Since private consumer data, such as credit card 
information, once received by a business, is reassembled and decrypted by the 
business, the data is available for theft. 

Thus, what is needed is an environment which provides consumers with 
1 0 the ability to engage in online transactions in a more secure manner. 



SUMMARY 

Apparatuses and methods registering a user with multiple businesses, 
where each business is given billing data, such as credit card data, that is unique 
15 to that business. Apparatuses, such as computing devices, and consumer 
electronic devices such as a telephone, communicate with a billing service so 
that billing data can be generated for particular businesses and used in 
commercial transactions with the business. Such communication and generation 
may be in advance of a purchase, or generated in real-time during a purchase. 

20 

BRIEF DESCRIPTION OF THE DRAWINGS 

FIG. 1 illustrates a client in communication with a network. 
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FIG. 2 is a flow chart according to one embodiment of the invention, 
illustrating a client registering with a business for purchasing a good. 

FIG. 3 is a flowchart according to one embodiment of the invention, in 
which a client purchases a good using billing data provided in advance by a 
billing service. 

FIG. 4 is a flowchart according to one embodiment of the invention, in 
which a client purchases a good using billing data provided in real-time by a 
billing service. 

FIG. 5 illustrates one embodiment of a suitable computing environment in 
which certain aspects of the illustrated invention may be implemented. 

DETAILED DESCRIPTION 

In various embodiments of the invention, a customer is able to establish 
accounts with web sites without revealing private billing information such as 
credit card numbers, advance debit arrangements, invoice arrangements, etc. to 
a web site / business from whom the customer purchases goods. 

FIG. 1 illustrates a client 100 in communication with a network 104. Also 
attached to the network are multiple servers 102 (business web sites), such as 
those provided by e-commerce sites, online retailers, or other businesses 
seeking to engage in commerce with by way of networked customers. 

It is assumed the client comprises a computing device, such as a personal 
computer, which operates on behalf of a user (the purchaser of the good). In 
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alternate embodiments, the client may be incorporated into an electronic card, a 
telephone (FIG. 6), a personal digital assistant (PDA), a portable audio device, a 
portable audiovisual device, a cellular telephone, a key-chain dongle, or within an 
automobile or other transportation device. 
5 It is further assumed that each of the network locations to which a client 

may communicate provide a "web site" for engaging in commercial transactions, 
and will collectively be referred to as "businesses." For the purposes of this 
description, the phrase "web site" is intended to be a general reference to a 
network "presence" maintained by a business as well a logical presence 

1 0 maintained on behalf of a business. 

The clients 100 and businesses 102 are in communication, through the 
network 104, with a billing service 106. The billing service is configured to allow 
clients 100 to reduce the risk of disclosing billing data, such as personal credit 
card numbers, debit card numbers, bank account numbers, and the like, to 

15 businesses 102. In one embodiment, the billing service facilitates commercial 
transactions by generating substitute billing data that the client 100 can use when 
engaging in commercial transactions with businesses 102. The phrase 
"substitute billing data" refers to valid billing data that is owned and/or controlled 
by the billing service 106, where billing data is temporarily or permanently 

20 distributed to clients 100 to replace personal and/or private billing data of the 
client. 

Also in communication with the client 100 and businesses 102 by way of 
the network 104, is an encryption server 108. The encryption server can be used 
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to provide encryption keys to a client 100 and business 102 to allow them to 
engage in secure communications. In one embodiment, the encryption server 
108 is used to engage in conventional public key encryption systems, where the 
encryption server provides directory assistance services, allowing clients 100 and 
5 businesses 102 to retrieve public encryption keys. 

In one embodiment, public key encryption services are used in addition to 
encryption services already available to a client (e.g., such as those available 
within a web browser or other communication program used by the client 100). 
In an alternate embodiment, already available encryption services, such as those 

1 0 provided by a web browser, are used to securely communicate with the 
encryption server 108 to obtain encryption keys for opening a secure 
communication channel between the client 100 and business 102. 

This allows weaker security afforded by the client communication 
environment, e.g., a 40 bit or other short key system, to be used to communicate 

15 with the encryption server 108 to obtain more secure (e.g., longer) encryption 
keys. In this alternate embodiment, the built in security can also be used to 
transfer non-public key based cryptosystem keys, such as single use session 
keys, to the client 100 and business 102 for engaging in commerce. 

Associated with clients 100 are local storage, such as a database 110, 

20 that can store billing data and encryption data for use during transactions with a 
business 102. In one embodiment, records 112 within the database 110 are 
keyed on a business 102 identity reference. A business identity can be tracked 
by way of business name, unique identifier for the business (e.g., a tax ID or 
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other assigned/selected identifier), uniform resource locator (URL), TCP/IP "dot 
quad" network address (e.g., 10.1.2.3) used to access the business 102 over the 
network 104, or a combination of these and/or other references. 

As illustrated, the client local storage containing the database 110 is 
5 integral to a client 100, such as within local mass storage device(s). However, it 
will be appreciated that the database may be contained within a separate 
computing device (not shown) associated with the client 100, or maintained by or 
in conjunction with the billing service 106 or encryption server 108. For example, 
the billing service 106 or encryption server 108 may be used to store backup 
1 0 copies of billing data. 



FIG. 2 is a flow chart according to one embodiment of the invention, 
illustrating a client 100 registering with a business 102 for purchasing a good 
(e.g., a physical or electronic item) from the business. 

15 The first illustrated operation is the user initializing 200 the computing 

device. It is assumed that initialization includes all steps required to boot, wake 
from an idle state, or otherwise start the computing device and configure it for 
purchasing activity. Assume that the computing device is a handheld ("palmtop") 
personal computer executing the Microsoft Windows operating system. After 

20 initialization, the user loads 202 a communication program through which to 
engage in the purchasing activity. 

It will be appreciated that a number of environments may be used to 
implement the communication program. For example, a dedicated / custom 
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application program may be designed to access businesses over a network. 
Alternatively, the communication program can be built using communication 
features provided by Internet web browser products, such as Microsoft Internet 
Explorer, Netscape Navigator, or Opera. 

In this latter environment, the communication program may be 
implemented in one of, or a combination of, Java, JavaScript, JavaBeans, 
ActiveX, Visual Basic, HTML, DHTML, or other Internet related programming 
environments. It is assumed herein the communication program is based on an 
Internet browser, and that traditional Internet related communication protocols 
(e.g., TCP/IP, HTML, etc.) are used to communicate with businesses over the 
Internet. As discussed with respect to FIG. 1 , each business provides a web 
address to which a client can connect to engage in purchase transactions. 

After communication program initialization, the computing device is used 
to register 204 the user with a first web site maintained by a first business. Note, 
however, that even though the illustrated embodiment requires registration, it will 
be appreciated that in other embodiments, such registration need not occur first, 
or at all. To register, the computing device contacts 206 the first web site. In 
response the web site sends an acknowledgement 208. Since an Internet 
browser is assumed in use, the contact is by way of directing the browser to an 
appropriate receiving port monitored by a web server of the first business. It is 
assumed that port 80, the traditional Internet communication port, is used for 
communication. In the web browser context, acknowledgement can be 
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determined by receiving a "home page" or start page from the first business' web 
server. 

If 210 no acknowledgement is received, then a registration error has 
occurred and processing of this registration halts 212; in one embodiment, 
processing continues on (not shown) with registration attempts with other 
businesses. If acknowledgement is received, then the client 100 tells the 
business 102 it is interested in registering with the business 102. 

In one embodiment, the registration process is automated, where the 
business web server is configured to receive a registration command from the 
client, and in response the business web server sends the client registration 
forms to complete. For example, in response to the registration command, an 
HTML form (or equivalent structure) containing fields for the user's name, 
address, telephone number, and billing data, such as credit or debit card 
numbers, invoicing preferences, etc., is sent 214 to the client. This form (or 
equivalent structure) is completed 216 and returned 218 to the business. In 
response, the business 102 processes the returned data and registers 220 the 
client with the billing data returned 218 to the business web server. 

Completion of the form can be automated, through automated parsing of 
the form to identify various fields to fill out. In one embodiment, the extensible 
markup language (XML) is used to encode forms with semantic meaning to 
facilitate automatic interpreting and completing of a form. In an alternate 
embodiment, the user is allowed to review and complete a form with data known 
to the user, or the user can be provided with an opportunity to review and change 
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a form completed by the computing device. In another embodiment, a special 
communication port, analogous to browser port 80, is used to send and receive 
registration data. 

It will be appreciated that even though the above description assumes 
5 registration of a user with businesses, such registration is not required in order to 
obtain billing data to present to such businesses. 

FIG. 3 is a flowchart according to one embodiment of the invention, in 
which a client 100 purchases a good using billing data provided in advance by a 

1 0 billing service 1 06. This figure concerns the logical data flow for obtaining billing 
data used by a client 100 in purchasing a good from a business 102. 

As discussed above, there are intrinsic security issues within networks, 
such as the Internet or home/office local area networks (LANs), when more than 
just the parties to a conversation may "snoop" data passing on the network so as 

15 to discover secrets (e.g., credit card data or other sensitive data) disclosed 
during the conversation. In addition to attempts to securely encrypt the data 
transfers themselves, as will be discussed below, client provided billing data can 
be customized so as to reduce risk of theft and/or fraudulent use. 

A first operation is to contact 302 the billing service. In response, the 

20 billing service asks 304 for the business 1 02 with which the customer seeks to 
interact. As discussed above, a variety of different information can be provided 
to identify the business. For simplicity, it is assumed that the business name is 
used to identify the business 102. The business name is provided 306 to the 
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billing service 106. In response the billing service generates 308 billing data that 
can be used by the client in future transactions between the client and the 
identified business. The correspondence between billing data and business is 
tracked by the client 100 and/or it is tracked by the billing service 106. 
5 Once the billing data is known, the client 100 can then contact 310 a 

business and decide 312 on a good to purchase. In response to a purchase 
decision, the business sends 314 a payment request to the client to arrange for 
receiving payment for the good. However, unbeknownst to the business 102, in 
response to the payment request, instead of sending personal credit card 
1 0 information, or other payment data, the client 1 00 instead sends 31 6 the 
business the billing data created in advance by the billing service for the 
business 102. 

In one embodiment, the billing service obtains the billing data to distribute 
to clients by entering into agreements with banking institutions (or equivalent). 

1 5 The billing service is provided a large number different billing data, e.g., credit 
card numbers, debit card numbers, etc., and the billing service may also set up 
internal invoice accounts and the like. These different billing data are provided to 
a client 100 when the client registers with the billing service the client's intent to 
purchase from a business 102. 

20 In one embodiment, billing data presented to a client 100 is uniquely 

associated with the particular business 102 the client 100 intends to purchase 
from. Charges made against the billing data are received 318 by the billing 
service in due course through standard financial institutions such as banks, 
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savings and loans, investment houses, and the like. These charges are verified 
320 for validity. 

In one embodiment, the client informs the billing service of the items 
purchased (or possibly just item categories) so that the billing service may audit a 
5 particular charge to ensure only expected purchases appear on the charge. In 
one embodiment, the client informs the billing service of billing data that is 
provided to businesses so as to facilitate verification. For example, the origin of 
a charge can be compared against the business associated with the billing data. 
In this embodiment, if 322 the charge origin fails to match the business 
1 0 expected to be making the charge, then the charge may be fraudulent. 

Consequently, the charge is contested 324 so as to allow the client to investigate 
the validity of the charge before being billed for the charge. However, if 322 the 
expected business matches the charge origin, then the client is billed for the 
purchase amount paid by the billing service. Note that the client may be billed in 
1 5 a manner entirely different from the payment system required/used by the 
business 102. 

For example, the client may have arranged to have purchases 
automatically deducted from a bank account, while the billing service 1 06 is 
responsible for honoring a charge made by the business against credit card data 
20 provided by the client 100. Alternatively, the client may have arranged payment 
such that the billing service performs a direct wire transfer from a client's bank 
account directly into a receivables account of the business 102. 
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By associating a particular business with billing data, it is possible to 
account for a thief stealing apparently valid billing data from a business' Internet 
web server, and then attempting to engage in fraudulent activity. In addition to 
contesting 324 improper charges, the billing service can be configured to retire 
5 billing data that has been compromised. 

FIG. 4 is a flowchart according to one embodiment of the invention, in 
which a client 100 purchases a good using billing data provided in real-time by a 
billing service 106. It will be appreciated that even though FIGS. 3 and 4 are 
10 presented separately, a single client may use both real-time generated billing 
data, and advance-obtained billing data, depending on the business. 

After contacting 400 a business 102 from which a purchase is to be made, 
the client 100 user decides 402 on the purchase; this decision is transmitted to 
the business. It will be appreciated that this decision-making process may 
1 5 include the user reviewing various offerings of the business 102 (e.g., "surfing" 
the business web site), as well as directly connecting to a particular uniform 
resource location (URL) for purchasing a product (a purchase link may be known 
in advance). 

In response to the purchase decision, the business 102 sends 404 a 
20 payment request to the client. In response, analogous to that described above 
for FIG. 3, the client contacts 302 the billing service 106, provides 306 the 
business name to the service, and receives in real time billing data generated 
308 by the billing service for the business 102. In one embodiment, the billing 
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data presented to the client 100 is uniquely associated with the particular 
business 102 the client 100 is purchasing from. 

As with FIG. 3, unbeknownst to the business 102, in response to the 
payment request 404, instead of sending personal billing information of the user, 
5 the real time generated billing data is instead sent 406 to the business. 

Charges made against the billing data are received 408 by the billing 
service. As with FIG. 3, these charges are verified 410 for validity. If 412 the 
charges appear invalid/fraudulent, the charge may be automatically contested 
324 or other action taken, such as highlighting the transaction to the user to allow 

1 0 review of the validity of the charge. 

If 412 the charge is valid, then the client is billed for the purchase amount 
paid by the billing service. Note that the client may be billed in a manner entirely 
different from the payment system required/used by the business 102. In one 
embodiment, highlighting occurs within the bill sent to the user to accentuate 

1 5 invalid or possibly invalid charges. Highlighting can be by a variety of different 
methods, such as printing an offending charge in a bold typeface, in a larger 
type size, in a different font from the rest of the bill, in a different color, in a 
different section of a bill which organizes suspect charges in a single region, or 
through a combination of these or other highlighting techniques. 

20 In one embodiment, the billing service 106 tracks expiration dates for 

charges made by the user. That is, if a charge is received against a credit card 
number provided to a client 100 for purchasing from a business 102, there may 
be a timeout period, such as 60 days, in which a charge must be contested if 
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such charge is to be ever contested. In such circumstances, the highlighting may 
include prioritization of listed charges according to expiration of contest periods. 
In another embodiment, a separate bill section is provided for contestable 
charges expiring within a certain amount of time, such as two weeks. 
5 In one embodiment, the client can elect to be billed electronically, in 

addition to or in lieu of receiving a physical bill printed on paper. Electronic billing 
can be by way of E-mailing or otherwise electronically transferring bill data to the 
client. Alternatively, bills can be maintained by the billing service 106, such as 
through personalized web pages to which a client can log in and review charges. 
1 0 In one embodiment, the personalize web pages include buttons or other controls 
to allow disputing charges. In one embodiment, single-click buttons are provided 
with listed charges, where a single click of the button institutes a dispute process 
to cause the selected charge to be reviewed for fraud. 



15 FIG. 5 and the following discussion are intended to provide a brief, general 

description of a suitable computing environment in which certain aspects of the 
illustrated invention may be implemented. The invention may be described by 
reference to different high-level program modules and/or low-level hardware 
contexts. Those skilled in the art will realize that program module references can 

20 be interchanged with low-level hardware instructions. 

Program modules include procedures, functions, programs, components, 
data structures, and the like, that perform particular tasks or implement particular 
abstract data types. The modules may be incorporated into single and multi- 



Express Mail Label No. EL414991054US 



- 16- 



Patent 



Attorney's Docket No. 04814.P017 

processor computing systems, as well as hand-held devices and controllable 
consumer devices (e.g., Personal Digital Assistants (PDAs), cellular telephones, 
set-top boxes, Internet appliances, etc.). It is understood that modules may be 
implemented on a single computing device, or processed over a distributed 
5 network environment, where modules can be located in both local and remote 
memory storage devices. 

An exemplary system for implementing the invention includes a computing 
device 502 having system bus 504 for coupling together various components 
within the computing device. The system 504 bus may be any of several types 

1 0 of bus structures, such as PCI, AGP, VESA, MicroChannel, ISA and EISA, etc. 
Typically, attached to the bus 504 are processors 506 such as Intel, DEC Alpha, 
PowerPC, programmable gate arrays, etc., a memory 508 (e.g., RAM, ROM), 
storage devices 510, a video interface 512, and input/output interface ports 514. 
The storage systems and associated computer-readable media provide 

15 storage of data and executable instructions for the computing device 502. 
Storage options include hard-drives, floppy-disks, optical storage, magnetic 
cassettes, tapes, flash memory cards, memory sticks, digital video disks, and the 
like, and may be connected to the bus 504 by way of an interface 526. 

Computing device 502 is expected to operate in a networked environment 

20 using logical connections to one or more remote computing devices 51 6, 51 8 
through a network interface 520, modem 522, or other communication pathway. 
Computing devices may be interconnected by way of a network 524 such as a 
local intranet or the Internet. Thus, for example, with respect to the illustrated 



Express Mail Label No. EL414991054US 



- 17- 



Patent 



Attorney's Docket No. 04814.P017 

embodiments, assuming computing device 502 is a client seeking to purchase 
goods, then remote devices 516, 518 may be a billing service 516 providing 
substitute billing data to the user for purchasing goods from a business 518. 

It will be appreciated that remote computing devices 516, 518 may be 
configured like computing device 502, and therefore include many or all of the 
elements discussed for computing device 502. It should also be appreciated that 
computing devices 502, 516, 518 may be embodied within a single device, or 
separate communicatively-coupled components, and include routers, bridges, 
peer devices, web servers, and application programs utilizing network application 
protocols such as HTTP, File Transfer Protocol (FTP), Gopher, Wide Area 
Information Server (WAIS), and the like. 

Having described and illustrated the principles of the invention with 
reference to illustrated embodiments, it will be recognized that the illustrated 
embodiments can be modified in arrangement and detail without departing from 
such principles. 

And, even though the foregoing discussion has focused on particular 
embodiments, it is understood that other configurations are contemplated. In 
particular, even though expressions such as "in one embodiment," "in another 
embodiment," and the like are used herein, these phrases are meant to generally 
reference embodiment possibilities, and are not intended to limit the invention to 
particular embodiment configurations. 

As used herein, these terms may reference the same or different 
embodiments, and unless expressly indicated otherwise, are combinable into 
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other embodiments. Consequently, in view of the wide variety of permutations to 
the above-described embodiments, the detailed description is intended to be 
illustrative only, and should not be taken as limiting the scope of the invention. 
What is claimed as the invention, therefore, is all such modifications as may 
come within the scope and spirit of the following claims and equivalents thereto. 
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What is claimed is: 

1 . A method comprising: 
registering a user with a first web site; 

a billing service providing a first billing data for use to register the user with 
said first web site; 

registering the user with a second web site; and 

the billing service providing a second billing data, separate and distinct 
from the first billing data, for use to register said user with said second web site. 

2. The method of claim 1 , wherein the first/second billing data are 
provided to the user in advance of said registering with said first/second web 
sites. 

3. The method of claim 1 , wherein the first/second billing data are 
provided to the user in real time during said registering with said first/second web 
sites. 

4. The method of claim 1 , wherein the first billing data comprises a 
first credit card identifier, and the second billing data comprises a second credit 
card identifier, separate and distinct from said first credit card identifier. 

5. The method of claim 4, wherein the first/second billing data is 
restricted to transactions between the user and said first/second web sites. 

6. The method of claim 1 , 
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wherein the first billing data corresponds to a selected one of an advance 
debit charge, a real-time credit charge, or a post-transaction invoicing 
arrangement, and 

the second billing data corresponds to a selected one of an advance debit 
charge, a real-time credit charge, or a post-transaction invoicing arrangement, 
said second billing data separate and distinct from said first billing data. 

7. The method of claim 1 , further comprising: 

said first/second web sites requiring first/second payment formats; 

paying for a transaction with said first/second web site according to said 
first/second payment format; and 

billing the user according to a private billing data different from said 
first/second billing data. 

8. The method of claim 1 , further comprising: 

said first/second web sites requiring first/second payment formats; 
determining at least one user billing format for the user; and 
the billing service converting, on behalf of the user, between said 

first/second payment formats and a selected one of said at least one user billing 

format. 

9. The method of claim 8, further comprising: 

submitting said first/second billing data to said first/second web sites; 
purchasing a product from the first web site; 
receiving a charge against said first/second billing data; and 
billing the user according to said selected billing format. 
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1 0. The method of claim 1 , further comprising: 

the billing service obtaining said first/second billing data from a financial 
institution. 

1 1 . The method of claim 1 , wherein the billing service providing said 
first/second billing data comprises: 

the billing service selecting said first/second billing data from a plurality of 
distinct billing data provided to said computing device. 

1 2. The method of claim 1 1 , the method further comprising: 

the billing service contacting a financial institution to obtain the plurality of 
distinct billing data from the financial institution; and 

receiving the plurality of distinct billing data from the financial institution. 

1 3. The method of claim 1 , further comprising: 

the billing service obtaining in real time said first/second billing data from a 

bank. 

1 4. The method of claim 1 , further comprising: 

the billing service obtaining said first/second billing data from a bank; and 
during a transaction with said first/second web site, the computing device 
obtaining said first/second billing data in real time from the billing service. 

1 5. The method of claim 1 4, further comprising: 

the billing service receiving a plurality of billing data from the bank; and 
selecting said first/second billing data from said plurality of billing data. 



Express Mail Label No. EL414991054US 



-22- 



Patent 



Attorney's Docket No. 04814.P017 

1 6. The method of claim 1 4, wherein said obtaining by the billing 
service of said first/second billing data is performed during the transaction with 
said first/second web site. 

1 7. The method of claim 1 , further comprising: 

notifying the billing service of usage of said first/second billing data with 
said first/second web sites; 

wherein said notifying allows the billing service to confirm charges to said 
first/second billing data originate from said first/second web sites. 

1 8. The method of claim 1 7, further comprising: 

wherein said notifying the billing service occurs with providing said 
first/second billing data to said first/second web site. 

1 9. The method of claim 1 7, further comprising: 

wherein said notifying the billing service occurs after providing said 
first/second billing data to said first/second web site. 

20. The method of claim 1 , further comprising: 
receiving charges to said first and second billing data; and 
organizing said received charges based at least in part on whether the 

charges are applied to the first or the second billing data. 

21 . The method of claim 20, wherein said organizing is based on 
whether a charge to first/second billing data is received from the web site to 
which said first/second billing data was provided. 
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22. The method of claim 21 , further comprising: 

the billing service disputing all charges to said first/second billing data not 
received from the web site to which said first/second billing data was provided. 

23. The method of claim 22, further comprising: 

wherein disputing is performed in response to an instruction of the user. 

24. The method of claim 23, further comprising: 

for disputable charges, providing a user interface having a control for each 
of said disputable charges; 

wherein a single press of the control issues said instruction of the user. 

25. The method of claim 1 , wherein the web site is a selected one of a 
content provider, a service provider and an access provider. 

26. A method comprising for a user to provide substitute billing data in 
lieu of personal billing data for the user, comprising: 

an electronic device obtaining distinct credit card numbers from a billing 
service for use by the user as a substitute for said personal billing data; 

the electronic device selecting a first of said credit card numbers to 
facilitate purchasing goods from a first business; and 

the electronic device selecting a second of said credit card numbers to 
facilitate purchasing goods from a second business. 

27. The method of claim 26, wherein the electronic device is a portable 
digital assistant, said method further comprising: 
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disposing said distinct credit card numbers in a memory within the 
electronic device; 

identifying a connection attempt to a particular business; 

looking for an associated credit card number for the particular business; 

and 

if found, displaying the associated credit card number. 

28. The method of claim 27, where further comprising: 

if the associated credit card number is not found, then selecting a third 
credit card number from said distinct credit card numbers, associating said 
selected credit card number with the particular business; and 

automatically connecting to the billing service of said association of said 
selected credit card number with the particular business. 

29. The method of claim 26, wherein the method further comprises: 
the electronic device notifying the billing service of said selection of said 

first/second distinct credit card numbers to facilitate purchasing goods from said 
first/second business. 

30. A method comprising: 

an billing service registering a user; and 

the billing service providing at least a first and a second billing data, that 
are separate and distinct, for use by the user as a substitute for personal billing 
data when purchasing goods from a first and a second business. 

31 . The method of claim 30, wherein said first/second billing data 
comprises: 
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a third billing data for use by said first/second business for charging the 
billing service for goods purchased by said user; and 

a fourth data for use by the billing service for billing the user for charges 
received from said first/second business. 

32. The method of claim 30, further comprising: 

the billing service providing a plurality of distinct billing data to an 
electronic device; 

the user selecting said first/second separate and distinct billing data from 
said plurality of billing data; and 

associating said first/second separate and distinct billing data with said 
first/second business. 

33. The method of claim 32, wherein the electronic device is a personal 
digital assistant (PDA), said method further comprising: 

disposing said distinct billing data in a memory within the electronic 
device; 

identifying a connection attempt to a particular business; 
looking for associated billing data for the particular business; and 
if found, displaying the associated billing data. 

34. The method of claim 33, wherein the method further comprises: 
the PDA automatically connecting to the billing service and informing it of 

said selection of said first/second distinct billing data. 

35. The method of claim 30, further comprising: 
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the billing service providing in real time said first/second billing data to an 
electronic device used by the user; 

wherein the electronic device is operable to purchase goods from said 
first/second business. 

36. The method of claim 30, further comprising: 

the billing service receiving notification of usage of said first/second billing 
data with said first/second business from an electronic device used by the user. 

37. The method of claim 36, wherein said receiving notification 
comprises receiving a charge against said first/second billing data by said 
first/second business. 

38. A method comprising: 

a billing service receiving purchase charges against substitute billing data 
associated with a user, said substitute billing data substituting for personal billing 
data of the user; and 

the billing service grouping said received charges according each 
business submitting said charges; 

wherein said each business is uniquely associated with different substitute 
billing data. 

39. The method of claim 38, further comprising: 

disputing charges against said substitute billing data if said received 
charges are not received from the business uniquely associated with said 
substitute billing data. 
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40. The method of claim 38, further comprising: 

highlighting charges against said substitute billing data if said received 
charges are not received from the business uniquely associated with said 
substitute billing data. 

41 . The method of claim 40, further comprising: 

asking the user whether to dispute a highlighted charge; and 
disputing the highlighted charge in accordance with an answer to said 
asking. 

42. The method of claim 41 , further comprising: 

providing the user with an end user interface feature to provide said 
answer with a single press of a key/control button. 

43. An apparatus comprising: 

a storage medium having stored therein a plurality of programming 
instructions designed to enable the apparatus, when the programming 
instructions are executed on behalf of a user, to 

register the user with a first web site and provide a first billing data 
as substitute for personal billing data of the user, for said registering with said 
first web site, and 

register the user with a second web site and provide a second 
billing data as substitute for personal billing data of the user, for said registering 
with said second web site, said second billing data separate and distinct from the 
first billing data; and 

a processor coupled to the storage medium to execute the plurality of 
programming instructions. 



Express Mail Label No. EL414991054US 



-28- 



Patent 



Attorney's Docket No. 04814.P017 



44. The apparatus of claim 43, wherein the programming instructions, 
when executed by said processor, include further instructions to enable the 
apparatus to: 

provide the first/second billing data to a selected one of the user for 
registering with said first/second web site. 

45. The apparatus of claim 43, wherein the programming instructions, 
when executed by said processor, include further instructions to enable the 
apparatus to: 

provide the first/second billing data to said first/second web site during 
registration therewith. 

46. The apparatus of claim 43, wherein use of said first/second billing 
data is restricted to transactions between the user and said first/second web site. 

47. The apparatus of claim 43, wherein the first billing data 
corresponds to a selected one of an advance debit charge, a real-time credit 
charge, or a post-transaction invoicing arrangement, and the second billing data 
corresponds to a selected one of an advance debit charge, a real-time credit 
charge, or a post-transaction invoicing arrangement, said second billing data 
separate and distinct from said first billing data. 

48. The apparatus of claim 43, wherein the programming instructions 
include further programming instructions, when executed by said processor, to 
enable the apparatus to: 

determine at least one user billing format for the user; and 
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register the user with a billing service, said billing service configured to 
convert, on behalf of the user, between said first/second billing data and the user 
billing format. 

49. The apparatus of claim 43, wherein the apparatus is embedded 
within a host selected from a set of hosts consisting of: a computing device, an 
electronic card, a telephone, a personal digital assistant (PDA), a portable audio 
device, a portable audiovisual device, a cellular telephone, a key-chain dongle, 
and a transportation device. 

50. The apparatus of claim 43, further comprising a user interface, 
wherein the programming instructions include further programming instructions, 
which when executed by the processor, enable the apparatus to: 

receive a plurality of billing data from a billing service; 

provide the plurality of billing data to the user interface; 

request the user to select said first billing data from said plurality of billing 
data for association with said first web site; and 

request the user to select said second billing data from said plurality of 
billing data for association with said second web site. 

51 . The apparatus of claim 43, further comprising: 
a network interface; 

wherein the programming instructions include further instructions, which 
when executed by the processor, configure the network interface to connect to a 
billing service. 
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52. The apparatus of claim 43, wherein the programming instructions, 
when executed by the processor, enable the apparatus to provide in real time 
said first/second billing data to an electronic device used by the user. 

53. An apparatus comprising: 

a storage medium having stored therein a plurality of programming 
instructions designed to enable the apparatus, when the programming 
instructions are executed, to provide at least a first and a second billing data, that 
are separate and distinct, for use by a user as a substitute for personal billing 
data when purchasing goods from a first and a second business; and 

a processor coupled to the storage medium to execute the plurality of 
programming instructions. 

54. The apparatus of claim 53, wherein said first/second billing data 
comprises: 

a third billing data used by said first/second business for charging the 
billing service for goods purchased by said user; and 

a fourth data for use by the billing service for billing the user for charges 
received from said first/second business. 

55. The apparatus of claim 53, wherein the programming instructions, 
when executed by said processor, include further instructions to enable the 
apparatus to: 

provide a plurality of distinct billing data to an electronic device; 
receive a user selection of said first/second separate and distinct billing 
data from said plurality of billing data; and 
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associate said first/second separate and distinct billing data with said 
first/second business. 

56. The apparatus of claim 54, wherein the electronic device includes a 
second processor for executing second programming instructions, which when 
executed by said second processor, direct the electronic device to: 

dispose said distinct billing data in a memory within the electronic device; 
identify a connection attempt to a particular business; 
look for associated billing data for the particular business; and 
display the associated billing data if found. 

57. The apparatus of claim 56, wherein said second programming 
instructions, when executed by said second processor, include further 
instructions to enable the electronic device to: 

automatically connect to the apparatus and inform it of said selection of 
said first/second distinct billing data, 

58. The apparatus of claim 53, wherein the programming instructions, 
when executed by said processor, include further instructions to enable the 
apparatus to: 

provide in real time said first/second billing data to an electronic device 
operable to purchase goods from said first/second business. 

59. The apparatus of claim 53, wherein the programming instructions, 
when executed by said processor, include further instructions to enable the 
apparatus to: 
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receive notification of usage of said first/second billing data with said 
first/second business from an electronic device used by a purchaser. 

60. The method of claim 59, wherein said receiving notif ication 
comprises receiving a charge against said first/second billing data by said 
first/second business. 
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Masking Private Billing Data By Assigning Other 
Billing Data To Use In Commerce With Businesses 

ABSTRACT 

A method and apparatus for shielding a user's private billing data, such as 
credit card information, or other billing arrangements, but distributing different 
billing data to businesses during commerce therewith. Also disclosed is 
assigning the different billing data through real-time and advance distribution of 
the different billing data to a user, as well . Also disclosed is validating the 
correctness of a charge through confirmation of the charge with a financial 
institution, such as a bank, and by comparing itemized charges against expected 
charges identified by the user. 
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Matthew C. Fagan, Reg. No. 37,542; Tarek N. Fahmi, Reg. No. 41,402; James Y. Go, Reg. No. 40,621 ; James A. 
Henry, Reg. No. 41,064; Willmore F. Holbrow III, Reg. No. 41,845; Sheryl Sue Holloway, Reg. No. 37,850; 
George W Hoover II, Reg. No. 32,992; Eric S. Hyman, Reg. No. 30,139; Dag H. Johansen, Reg. No. 36,172; 
William W. Kidd, Reg. No. 31,772; Eric T. King, Reg. No. 44,188; Erica W. Kuo, Reg. No. 42,775; Michael J. 
Mallie, Reg. No. 36,591; Paul A. Mendonsa, Reg. No. 42,879; Clive D. Menezes, Reg. No. 45,493; Darren J. 
Milliken, Reg. No. 42,004; Chun M. Ng, Reg. No. 36878; Thien T. Nguyen, Reg. No. 43,835; Thinh V. Nguyen, 
Reg. No. 42,034; Dennis A. Nicholls, Reg. No. 42,036; Lisa A. Norris, Reg. No. 44,976; Daniel E. Ovanezian, 
Reg. No. 41,236; Babak Redjaian, Reg. No. 42,096; William F. Ryann, Reg. No. 44,313; James H. Salter, Reg. 
No. 35,668; William W. Schaal, Reg. No. 39,018; James C. Scheller, Reg. No. 31,195; Jeffrey S. Smith, Reg. No. 
39,377; Maria McCormack Sobrino, Reg. No. 31,639; Stanley W. Sokoloff, Reg. No. 25,128; Judith A. Szepesi, 
Reg. No. 39,393; Vincent P. Tassinari, Reg. No. 42,179; Edwin H. Taylor, Reg. No. 25,129; George G. C. Tseng, 
Reg. No. 41,355; Joseph A. Twarowski, Reg. No. 42,191; Lester J. Vincent, Reg. No. 31,460; Glenn E. Von 
Tersch, Reg. No. 41,364; John Patrick Ward, Reg. No. 40,216; Charles T. J. Weigell, Reg. No. 43,398; Kirk D. 
Williams, Reg. No. 42,229; James M. Wu, Reg. No. P45,241; Steven D. Yates, Reg. No. 42,242; and Norman 
Zafman, Reg. No. 26,250; my attorneys; and Andrew C. Chen, Reg. No. 43,544; Justin M. Dillon, Reg. No. 
42,486; Paramita Ghosh, Reg. No. 42,806; Sang Hui Kim, Reg. No. 40,450; and John F. Travis, Reg. No. 43,203; 
my patent agents, with offices located at 12400 Wilshire Boulevard, 7th Floor, Los Angeles, California 90025, 
telephone (714) 557-3800, with full power of substitution and revocation, to prosecute this application and to 
transact all business in the Patent and Trademark Office connected herewith. 
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